Migrate SLB to ALB Ingresses for Advanced L7 Routing - Container Service for Kubernetes

Server Load Balancer (SLB) Ingresses were phased out on February 28, 2023. Container Service for Kubernetes (ACK) Serverless no longer provides technical support for SLB Ingresses after that date, and you cannot install or manage the SLB Ingress controller in an ACK Serverless cluster. This topic describes how to migrate an existing SLB Ingress to an Application Load Balancer (ALB) Ingress.

Important

Smooth migration (zero-downtime cutover) from SLB Ingresses to ALB Ingresses is not supported, because the two Ingress types use different underlying implementations.

Why migrate to ALB Ingresses

SLB provides limited Layer 7 capabilities. It does not support HTTP rewrites, redirects, overwrites, or throttling, and you must set instance specifications manually. ALB Ingresses address these gaps:

Complex routing rules based on HTTP headers or cookies
Automatic SSL/TLS certificate discovery
HTTP, HTTPS, and Quick UDP Internet Connections (QUIC) protocol support

For more information about the comparison between ALB and SLB, see What is SLB?

Prerequisites

Before you begin, make sure you have:

An ACK Serverless cluster with at least one SLB Ingress deployed
kubectl configured to connect to the cluster. See Obtain the kubeconfig file of the cluster and use kubectl to connect to the cluster
At least two vSwitches in different availability zones, both in the same Virtual Private Cloud (VPC) as your cluster (required by ALB)

Migration overview

The migration has three stages:

Create an ALB Ingress alongside the existing SLB Ingress and verify it works.
Switch DNS to point to the ALB Ingress endpoint.
Delete the SLB Ingress and uninstall the SLB Ingress controller.

Migration example

The following example migrates an SLB Ingress that routes traffic for the domain demo.ingress.vip to an nginx Service.

The key difference between the two Ingress manifests is ingressClassName: change slb to alb. The ALB Ingress must have a different name from the SLB Ingress. Before you apply the ALB Ingress manifest, you must create the AlbConfig and IngressClass resources described in Step 1.

Before (SLB Ingress):

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
  namespace: default
spec:
  ingressClassName: slb
  rules:
    - host: demo.ingress.vip
      http:
        paths:
          - backend:
              service:
                name: nginx
                port:
                  number: 80
            path: /
            pathType: Prefix

After (ALB Ingress):

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress-alb
  namespace: default
spec:
  ingressClassName: alb
  rules:
    - host: demo.ingress.vip
      http:
        paths:
          - backend:
              service:
                name: nginx
                port:
                  number: 80
            path: /
            pathType: Prefix

Step 1: Create an ALB Ingress

Install the ALB Ingress controller. See Manage the ALB Ingress controller.
Create an AlbConfig to provision an ALB instance.
1. Create albconfig.yaml with the following content:
```
apiVersion: alibabacloud.com/v1
kind: AlbConfig
metadata:
  name: alb-demo
spec:
  config:
    name: alb-test
    addressType: Internet
    zoneMappings:
    - vSwitchId: vsw-wz9e2usil7e5an1xi****
    - vSwitchId: vsw-wz92lvykqj1siwvif****
  listeners:
    - port: 80
      protocol: HTTP
```
  Replace the vSwitchId values with the IDs of your vSwitches. You must specify at least two vSwitches in different availability zones, and both must belong to the same VPC as your cluster.
2. Apply the manifest:
```
kubectl apply -f albconfig.yaml
```
3. Verify that the ALB instance is created:
```
kubectl get albconfig alb-demo
```
  The output should look similar to:
```
NAME       ALBID                    DNSNAME                                               PORT&PROTOCOL   CERTID   AGE
alb-demo   alb-eeee6gtqbmrm19****   alb-eeee6gtqbmrm19****.cn-shenzhen.alb.aliyuncs.com                            27s
```
  Note the DNSNAME value — you will use this as the ALB Ingress endpoint in Step 2. If ALBID is empty after a few minutes, check the ALB Ingress controller logs for provisioning errors. For troubleshooting guidance, see Manage the ALB Ingress controller.

Create an IngressClass to link Ingress resources to the AlbConfig.

Create ingressclass.yaml with the following content:

apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: alb
spec:
  controller: ingress.k8s.alibabacloud/alb
  parameters:
    apiGroup: alibabacloud.com
    kind: AlbConfig
    name: alb-demo

parameters.name must match the AlbConfig name (alb-demo in this example).

Apply the manifest:
```
kubectl apply -f ingressclass.yaml
```

Create the ALB Ingress.

Create albingress.yaml with the following content:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress-alb
  namespace: default
spec:
  ingressClassName: alb
  rules:
    - host: demo.ingress.vip
      http:
        paths:
          - backend:
              service:
                name: nginx
                port:
                  number: 80
            path: /
            pathType: Prefix

The name must differ from the existing SLB Ingress name. ingressClassName must match the IngressClass name (alb).

Apply the manifest:
```
kubectl apply -f albingress.yaml
```

Verify the ALB Ingress endpoint:

kubectl get ing

The output should look similar to:

NAME                CLASS   HOSTS              ADDRESS                                               PORTS   AGE
demo-ingress        slb     demo.ingress.vip   120.79.**.**                                          80      35m
demo-ingress-alb    alb     demo.ingress.vip   alb-eeee6gtqbmrm1****.cn-shenzhen.alb.aliyuncs.com   80      46s

Note the ADDRESS of demo-ingress-alb — this is the ALB Ingress endpoint.

Confirm that traffic reaches your application through the ALB Ingress:

curl -H "Host: demo.ingress.vip" http://alb-eeee6gtqbmrm1****.cn-shenzhen.alb.aliyuncs.com

Expected output (truncated):

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...

Step 2: Switch DNS to the ALB Ingress

Update the DNS record for your domain to point to the ALB Ingress endpoint, replacing the endpoint of the SLB Ingress with the endpoint of the ALB Ingress.

Log on to the Alibaba Cloud DNS console.
On the Domain Name Resolution page, click the domain name in the Authoritative Domain Names column.
On the DNS Settings page, click Modify in the Actions column.
In the Modify DNS Record panel, set Record Value to the ALB Ingress endpoint (for example, alb-eeee6gtqbmrm1****.cn-shenzhen.alb.aliyuncs.com), then click OK.
Verify that the domain resolves to the ALB Ingress. Open demo.ingress.vip in a browser — Welcome to nginx! should appear.

Step 3: Delete the SLB Ingress and uninstall the controller

After confirming that traffic is flowing through the ALB Ingress, remove the SLB Ingress and its controller.

Delete the SLB Ingress.
1. In the left-side navigation pane of the cluster details page, choose Network > Ingresses.
2. At the top of the Ingresses page, select the namespace containing the SLB Ingress. Find the SLB Ingress and choose More > Delete in the Actions column.
3. Click OK to confirm.
Uninstall the SLB Ingress controller.
1. Log on to the ACK console. In the left-side navigation pane, click Clusters.
2. On the Clusters page, click the name of your cluster. In the left-side pane, choose Operations > Add-ons.
3. On the Add-ons page, click the Others tab. Find SLB Ingress Controller and click Uninstall.
4. Click OK to confirm.

Container Service for Kubernetes:Migrate from SLB Ingress to ALB Ingress